Home » Lantronix Manuals » Hubs & Switches » Lantronix SISPM1040-3166-L » Manual Viewer

Lantronix SISPM1040-3166-L Web User Guide Rev G PDF 14.13 MB - Page 261

RADIUS-Assigned QoS Enabled, RADIUS attributes used in identifying a QoS Class, RADIUS-Assigned VLAN

View all Lantronix SISPM1040-3166-L manuals

Add to My Manuals
Save this manual to your list of manuals

Page 261 highlights

Transition Networks SISPM1040-3xxx-L Web User Guide The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users - equipment whose MAC address is a valid RADIUS user can be used by anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality. RADIUS-Assigned QoS Enabled : When RADIUS-Assigned QoS is both globally enabled and enabled (checked) on a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicant's port will be classified to the given QoS Class. If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a QoS Class or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS Class is immediately reverted to the original QoS Class (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned). This option is only available for single-client modes, i.e.: • Port-based 802.1X • Single 802.1X RADIUS attributes used in identifying a QoS Class: The User-Priority-Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access-Accept packet. Only the first occurrence of the attribute in the packet will be considered, and to be valid, it must follow this rule: • All 8 octets in the attribute's value must be identical and consist of ASCII characters in the range '0' - '7', which translates into the desired QoS Class in the range [0; 7]. RADIUS-Assigned VLAN Enabled : When RADIUS-Assigned VLAN is both globally enabled and enabled (checked) for a given port, the switch reacts to VLAN ID information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID. If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned). This option is only available for single-client modes, i.e. • Port-based 802.1X • Single 802.1X For trouble-shooting VLAN assignments, use the "Monitor > VLANs > VLAN Membership and VLAN Port" pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration. RADIUS attributes used in identifying a VLAN ID: RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access-Accept packet. The following criteria are used: 33763 Rev. G https://www.transition.com Page 261 of 496

Section	Page
Safety Warnings and Cautions:	2
Chapter 1 - Introduction	10
1-1 Key Features	10
1-2 About This Manual	10
1-3 Related Manuals	10
Chapter 2 – Web User Interface	11
2-1 Initial Login	11
2-2 Webpage Controls	12
Webpage Messages	13
Chapter 3 - System Configuration	14
3-1 System Information	14
3-2 IP Address	16
3-2.1 Settings	16
3-2.2 Advanced Settings	18
3-2.3 Status	22
3-3 System Time	24
3-4 LLDP	27
3-4.2 LLDP-MED Configuration	30
3-4.3 LLDP Neighbor	36
3-4.4 LLDP-MED Neighbor	38
3-4.5 LLDP Neighbor PoE	41
3-4.6 LLDP Neighbor EEE	42
3-4.7 LLDP Statistics	44
3-5 UPnP	46
Chapter 4 – Port Management	48
4-1 Port Configuration	48
4-2 Port Statistics	50
4-3 Detailed Port Statistics	51
4-3 SFP Port Info	53
4-4 Energy Efficient Ethernet	55
4-5 Link Aggregation	56
4-5.1 Static Configuration	56
4-5.2 Aggregation Status	58
4-5.3 LACP Configuration	59
4-5.4 System Status	61
4-5.5 Internal Status	62
4-5.6 Neighbor Status	64
4-5.7 Port Status	66
4-6 Loop Protection	67
4-6.1 Configuration	67
4-6.2 Status	69
4-7 UDLD	70
4-7.1 UDLD Configuration	70
4-7.2 UDLD Status	72
Chapter 5 - PoE Management	74
5-1 PoE Configuration	74
5-2 PoE Management > PoE Status	77
5-3 PoE Management > PoE Power Delay	79
5-4 PoE Management > PoE Auto Checking	80
PoE Auto Checking “AutoFill” Feature	81
5-5 PoE Management > PoE Scheduling Profile	82
Chapter 6 – VLAN Management	83
6-1 VLAN Configuration	83
6-2 VLAN Membership	87
6-3 VLAN Port Status	89
6-4 VLAN Name Configuration	91
6-4 MAC-based VLAN	92
6-4.1 Configuration	92
6-4.2 Status	94
6-5 Protocol-based VLAN	95
6-5.1 Protocol to Group	95
6-5.2 Group to VLAN	97
6-6 VCL IP Subnet-based VLAN Configuration	99
6-7 GVRP	100
6-8 Private VLAN	102
6-9 Port Isolation	103
6-10 Voice VLAN	104
6-10.1 Configuration	104
6-10.2 OUI	106
Chapter 7 – Ethernet Services	107
7-1 Ports	107
7-2 EVC Port Configuration	109
7-3 EVC Encapsulation Configuration	111
7-4 EVC L2CP Profile Configuration	112
7-5 EVC L2CP Port Configuration	113
7-6 EVC CoS ID Policer Configuration	114
7-7 EVC Configuration	116
7-8 ECE Configuration	121
7-9 EVC Statistics	131
Chapter 8 – Performance Monitor	133
8-1 PM Session and Storage Configuration	133
8-2 PM Transfer Configuration	134
8-3 Performance Monitor Loss Measurement Statistics	136
8-4 Performance Monitor Delay Measurement Statistics	138
8-5 Performance Monitor EVC Statistics	141
8-6 Performance Monitor Measurement Interval Information	143
Chapter 9 – Quality of Service (QoS)	145
9-1 Port Classification	145
9-2 Port Policers	148
9-3 Port Shapers	150
9-4 Storm Control	152
9-5 Port Schedulers	154
9-6 Port PCP Remarking	155
9-7 DSCP	158
9-7.1 Port DSCP	158
9-7.2 DSCP Translation	160
9-7.3 DSCP Classification	162
9-7.4 DSCP-Based QoS	163
9-8 QoS Control List	164
9-8.1 Configuration	164
9-8.2 Status	168
9-9 QoS Statistics	170
9-10 WRED	171
Chapter 10 – HqoS (Hierarchical Quality of Service)	174
10-1 HqoS Port Configuration	174
10-2 Add New HqoS Entry	175
Chapter 11 – Spanning Tree	180
11-1 STP Configuration	180
11-2 MSTI Configuration	183
11-3 STP Status	189
11-4 Port Statistics	192
Chapter 12 – MAC Address Tables	193
12-1 Configuration	193
12-2 Information	196
Chapter 13 – Multicast	198
13-1 IGMP Snooping	198
13-1.1 Basic Configuration	198
13-1.2 VLAN Configuration	200
13-1.3 Status	202
13-1.4 Groups Information	204
13-1.5 IGMP SFM Information	206
13-2 MLD Snooping	208
13-2.1 Basic Configuration	208
13-2.2 VLAN Configuration	211
13-2.3 Status	213
13-2.4 Groups Information	215
13-2.5 MLD SFM Information	217
13-3 MVR	219
10-3.1 Basic Configuration	219
13-3.2 Statistics	222
13-3.3 Groups Information	223
13-3.4 SFM Information	224
13-4 Multicast Filtering Profile	226
13-4.1 Filtering Profile Table	226
13-4.2 Filtering Address Entry	229
Chapter 14 – DHCP	231
14-1 Snooping	231
14-1.1 Configuration	231
14-1.2 Snooping Table	233
14-1.3 Detailed Statistics	234
14-2 Relay	236
14-2.1 Configuration	236
14-2.2 Statistics	238
14-3 Server	240
14-3.1 Configuration	240
14-3.2 Status	241
Chapter 15 – Security	243
15-1 Management	243
15-1.1 Account	243
15-1.2 Privilege Levels	247
15-1.3 Auth Method	249
15-1.4 Access Method	252
15-1.5 HTTPS	254
15-2 802.1X	256
15-2.1 Configuration	256
15-2.2 Status	264
15-3 IP Source Guard	270
15-3.1 Configuration	270
15-3.2 Static Table	272
15-3.3 Dynamic Table	273
15-4 ARP Inspection	275
15-4.1 Configuration	275
15-4.2 VLAN Configuration	277
15-4.3 Static Table	279
12-4.4 Dynamic Table	280
15-5 Port Security	282
12-5.1 Configuration	282
15-5.2 Status	285
15-6 RADIUS	288
15-6.1 Configuration	288
15-6.2 Status	291
15-7 TACACS+	296
Chapter 16 – Access Control	298
16-1 Ports Configuration	298
16-2 Rate Limiters	300
16-3 Access Control List	302
16-4 ACL Status	313
Chapter 17 – SNMP	316
17-1 SNMPv1/v2c Configuration	316
17-2 SNMPv3	318
17-2.1 Communities	318
17-2.2 Users	319
17-2.3 Groups	321
17-2.4 Views	322
17-2.5 Access	323
17-3 RMON Statistics	325
17-3.1 Configuration	325
17-3.2 Status	326
17-4 RMON History	328
17-4.1 Configuration	328
17-4.2 Status	329
17-5 RMON Alarm	331
17-5.1 Configuration	331
17-5.2 Status	333
17-6 RMON Event	335
17-6.1 Configuration	335
17-6.2 Status	336
Chapter 18 – MEP	337
18-1 MEP Configuration	337
18-2 MEP Configuration Page	340
18-2.1 Fault Management	345
18-2.2Performance Monitoring	350
Chapter 19 – ERPS	357
19-1 Ethernet Ring Protection Switching	357
19-2 ERPS Instance Configuration	360
19-3 RPL Configuration	361
19-4 Sub-Ring Configuration	361
19-5 Instance Command	361
19-6 ERPS VLAN Configuration	362
Chapter 20 – EPS	364
20-1 EPS Configuration	364
Chapter 21 – Rapid Ring	369
21-1 Configuration	369
Chapter 22 – MRP	370
22-1 Configuration	370
22-2 Status	374
Chapter 23 – PTP	376
23-1 Configuration	376
23-2 Status	387
Chapter 24 – Event Notification	389
24-1 SNMP Trap	389
24-2 eMail	392
24-3 Log	394
24-3.1 Syslog	394
24-3.2 View Log	395
24-4 Digital I/O	397
24-5 Event Configuration	398
24-6 Port Event Setting	400
Chapter 25 – Diagnostics	402
25-1 Ping	402
25-2 Traceroute	404
25-3 Cable Diagnostics	406
25-4 Mirroring	408
25-5 sFlow	410
25-5.1 Configuration	410
25-5.2 Statistics	413
25-6 Traffic Test	415
25-6.1 Y.1564	415
Y.1564 Profile Overview	416
Y.1564 Profile Configuration	417
Y.1564 Report Overview	423
Y.1564 Test Start	424
25-6.2 RFC2544	427
23-6.2.1 RFC Profile Overview	427
25-6.2.2 RFC2544 Profile Configuration	428
25-6.2.3 RFC2544 Reports	433
25-6.2.4 RFC2544 Test Start	434
25-6.3 Traffic Test Loop	438
Traffic Test Loop Configuration	440
Chapter 26 – Maintenance	443
26-1 Configuration	443
26-1.1 Save startup-config	443
26-1.2 Backup	444
26-1.3 Restore	446
26-1.4 Activate	448
26-1.5 Delete	450
26-2 Restart Device	451
26-3 Factory Defaults	452
26-4 Firmware	453
24-4.1 Firmware Upgrade	453
26-4.2 Firmware Selection	454
Chapter 27- DMS (Device Management System)	455
27-1 About DMS	455
27-2 DMS Mode - DMS Controller Switch	455
27-3 DMS Controller Switch and Managed Devices	456
27-4 DMS > DMS Mode	456
27-5 DMS > Management > Map API Key	458
27-6 DMS > Management > Device List	459
27-7 DMS > Graphical Monitoring	461
27-7.1 DMS > Graphical Monitoring > Topology View	461
PoE Auto Checking “AutoFill” Feature	467
27-7.2 DMS > Graphical Monitoring > Floor View	468
27-7.3 DMS > Graphical Monitoring > Map View	471
27-8 DMS > Maintenance	475
27-8.1 DMS > Maintenance > Floor Image	475
27-8.2 DMS > Maintenance > Diagnostics	477
27-8.2 DMS > Maintenance > Traffic Monitor	479
27-8.3 DMS Firmware Upgrade Procedure	483
27-9 DMS Troubleshooting	485
Chapter 28 - Service, Warranty, Tech Support, Contact, and Compliance Information	486
Appendix A – DHCP Per Port Configuration	487
DHCP Per Port Mode and IP Configuration	488
Appendix B – MRP Configuration	490
MRP Description	490
MRP Operation	490
MRP Sample Setup	491
MRP Pre-Requisites (General)	491
MRP Web UI Configuration	492
Example 1: MRP Manager Re-Config (Web UI)	494
Example 2: Non-Blocking MRC State Recognized by MRM (Web UI)	495

Match case Limit results 1 per page

Transition Networks

SISPM1040-3xxx-L Web User Guide

33763 Rev. G

https://www.transition.com

Page

261

496

The advantage of MAC-based authentication over port-based 802.1X is that several clients can be

connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual

authentication, and that the clients don't need special supplicant software to authenticate. The

advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need

special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by

malicious users - equipment whose MAC address is a valid RADIUS user can be used by anyone. Also, only

the MD5-Challenge method is supported. The maximum number of clients that can be attached to a port

can be limited using the Port Security Limit Control functionality.

RADIUS-Assigned QoS Enabled

: When RADIUS-Assigned QoS is both globally enabled and enabled (checked) on

a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted

by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the

supplicant's port will be classified to the given QoS Class. If (re-)authentication fails or the RADIUS Access-Accept

packet no longer carries a QoS Class or it's invalid, or the supplicant is otherwise no longer present on the port,

the port's QoS Class is immediately reverted to the original QoS Class (which may be changed by the

administrator in the meanwhile without affecting the RADIUS-assigned).

This option is only available for single-client modes, i.e.:

• Port

-based 802.1X

• Single 802.1X

RADIUS attributes used in identifying a QoS Class

: The User-Priority-Table attribute defined in RFC4675 forms

the basis for identifying the QoS Class in an Access-Accept packet.

Only the first occurrence of the attribute in the packet will be considered, and to be valid, it must follow this rule:

• All 8 octe

ts in the attribute's value must be identical and consist of ASCII characters in the range '0' - '7', which

translates into the desired QoS Class in the range [0; 7].

RADIUS-Assigned VLAN Enabled

: When RADIUS-Assigned VLAN is both globally enabled and enabled (checked)

for a given port, the switch reacts to VLAN ID information carried in the RADIUS Access-Accept packet

transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, the port's

Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port

will be forced into VLAN unaware mode. Once assigned, all traffic arriving on the port will be classified and

switched on the RADIUS-assigned VLAN ID.

If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a VLAN ID or it's invalid, or the

supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original

VLAN ID (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).

This option is only available for single-client modes, i.e.

• Port

-based 802.1X

• Single 802.1X

For trouble-shooting VLAN assignments, use the "Monitor > VLANs > VLAN Membership and VLAN Port" pages.

These pages show which modules have (temporarily) overridden the current Port VLAN configuration.

RADIUS attributes used in identifying a VLAN ID

: RFC2868 and RFC3580 form the basis for the attributes used in

identifying a VLAN ID in an Access-Accept packet. The following criteria are used: